
350-201(NEW-127Q) Question #42: Real Exam Question with Answer & Explanation

The correct answer is A: ISO/IEC 27002 for security control best practices, NIST guidelines for the overall cybersecurity framework, and OWASP for web security.

Security Governance and Compliance

Question

A network security administrator must strengthen the security posture of a university's research network, which handles sensitive academic data across various operating systems and IoT devices. The administrator is seeking comprehensive, established resources for system hardening guidance. Which resources should the administrator evaluate while considering industry-respected standards?

Options

  • A. ISO/IEC 27002 for security control best practices, NIST guidelines for overall cybersecurity framework and OWASP for web security
  • B. ITIL for overall IT service management, PMBOK for project management in security implementations, and ANSI standards for general procedures
  • C. IEEE standards for network devices, SANS Institute for general security practices, and vendor-specific IoT security guides
  • D. Agile methodologies for quick updates, Six Sigma for process improvement in security practices, and GDPR guidelines for data protection

Explanation

Option A is correct because ISO/IEC 27002, NIST guidelines, and OWASP are all globally recognized, authoritative frameworks specifically designed for information security - covering security controls, cybersecurity risk management, and web application security respectively, making them ideal for a mixed-OS/IoT research environment handling sensitive data. Option B is wrong because ITIL and PMBOK are IT service management and project management frameworks, not security hardening standards, and ANSI is a standards body, not a cybersecurity resource. Option C is partially relevant but falls short - IEEE and vendor IoT guides lack the comprehensive, cross-domain hardening scope needed, and SANS, while respected, is not a formal standard. Option D is entirely off-target, as Agile and Six Sigma are process/quality methodologies, and GDPR is a data privacy regulation rather than a technical hardening guide.

Memory tip: Think "NSO = Network Security Orthodoxy" - NIST, ISO, OWASP are the three pillars of established, exam-tested security standards. Anything involving project management, quality processes, or regulations is a distractor from actual technical hardening guidance.

Topics

Security Standards, System Hardening, Governance Frameworks, Network Security
